Object signing and signature verification
Find information about IBM i object signing and signature verification security capabilities that you can use to ensure the integrity of objects. Learn how to use one of several IBM i methods for creating digital signatures on objects to identify the source of the object and provide a means for detecting changes to the object. Also learn how to enhance system security by verifying digital signatures on objects, including operating system objects, to determine whether there have been changes to the contents of the object since it was signed.
Object signing and signature verification are security capabilities that you can employ to verify the integrity of a variety of objects. You use a digital certificate's private key to sign an object, and you use the certificate (which contains the corresponding public key) to verify the digital signature. A digital signature ensures the integrity of the time and content of the object that you are signing. The signature provides proof of both authenticity and authorization. It can be used to show proof of origin and to detect tampering. By signing the object, you identify the source of the object and provide a means for detecting changes to the object. When you verify the signature on an object, you can determine whether there have been changes to the contents of the object since it was signed. You can also verify the source of the signature to ensure the reliability of the object's origin.
You can implement object signing and signature verification by using any of these methods:
- APIs to sign objects and to verify the signatures on objects programmatically.
- Digital Certificate Manager to sign objects and to view or to verify object signatures.
- CL commands, such as Check Object Integrity (CHKOBJITG), to verify signatures.
To learn more about these methods of signing objects and how signing objects can enhance your current security policy, review these topics: